Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2018:0851-1

Опубликовано: 29 мар. 2018
Источник: suse-cvrf

Описание

Security update for LibVNCServer

LibVNCServer was updated to fix two security issues.

These security issues were fixed:

  • CVE-2018-7225: Missing input sanitization inside rfbserver.c rfbProcessClientNormalMessage() (bsc#1081493).
  • CVE-2016-9942: Heap-based buffer overflow in ultra.c allowed remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions (bsc#1017712).
  • CVE-2016-9941: Heap-based buffer overflow in rfbproto.c allowed remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area (bsc#1017711).

This update was imported from the SUSE:SLE-12:Update update project.

Список пакетов

openSUSE Leap 42.3
LibVNCServer-0.9.9-16.3.1
LibVNCServer-devel-0.9.9-16.3.1
libvncclient0-0.9.9-16.3.1
libvncserver0-0.9.9-16.3.1
linuxvnc-0.9.9-16.3.1

Ссылки

Описание

Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area.

Затронутые продукты
openSUSE Leap 42.3:LibVNCServer-0.9.9-16.3.1
openSUSE Leap 42.3:LibVNCServer-devel-0.9.9-16.3.1
openSUSE Leap 42.3:libvncclient0-0.9.9-16.3.1
openSUSE Leap 42.3:libvncserver0-0.9.9-16.3.1
Ссылки

Описание

Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions.

Затронутые продукты
openSUSE Leap 42.3:LibVNCServer-0.9.9-16.3.1
openSUSE Leap 42.3:LibVNCServer-devel-0.9.9-16.3.1
openSUSE Leap 42.3:libvncclient0-0.9.9-16.3.1
openSUSE Leap 42.3:libvncserver0-0.9.9-16.3.1
Ссылки

Описание

An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.

Затронутые продукты
openSUSE Leap 42.3:LibVNCServer-0.9.9-16.3.1
openSUSE Leap 42.3:LibVNCServer-devel-0.9.9-16.3.1
openSUSE Leap 42.3:libvncclient0-0.9.9-16.3.1
openSUSE Leap 42.3:libvncserver0-0.9.9-16.3.1
Ссылки